Add and Edit Cookies!

Posted on 25/10/2009 by

1



Hey! guys…I owe all of You a HUGE! apology coz I’ve not been posting for over a week now coz I was occopied by a few personal things and over all just have been really busy…and Ezzk I have no words left but our NeW LoOK of our site looks SEXY!!! :)… From now on I’ll be posting every alternate day coz of Exams comming up….Neways now Ellahax is back so today I’m goin to be talkin about Cookies well… its not the cookies that you eat at home from the Cookie Jar!… but its the Cookies you can Read, Erase, Edit and How to Manage the functions on your site!!!…

It’s a controversial practice because of the privacy implications, but it’s extremely common. Most of the major sites on the Internet, including search engines and portals, send cookies.A cookie is a small file containing an identity code. Your computer accepts the cookie and stores it. Next time you visit the site it’s retrieved and your identity is established. Cookies were originally invented by Netsacpe and are very useful in Entering(HACKING) Site admin/Administrator.

XSS(Cross site scripting)

Cross-site scripting holes are web application vulnerabilities which allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.XSS is used by attackers to steal the cookies which means the attackers can access PHPSESSID’s, username’s and password’s.The expression “cross-site scripting” refers to the act of loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a portion of JavaScript prepared by the attacker to be executed in the security context of the targeted domain a reflected or non-persistent XSS vulnerability.The definition gradually expanded to encompass other modes of code injection, including persistent and non-JavaScript vectors (including Java, ActiveX, VBScript, Flash, or even pure HTML), causing some confusion to newcomers to the field of information security.

1. It shows you a simple page like this in the browser.

 

xss_1

 

 

 

 

 

 

 

 

 

2. Through the XSS flaw on the page, it has been possible to create a FAKE login form which can convince gather a user’s credentials. As seen in step 2, the code contains a section which mentions “destination.asp”. That is where a hacker can decide where the FAKE login form will send the user’s log-in details for them to be retrieved and used maliciously.

 

xss_2

 

 

 

 

 

 

 

 

 

3. This will create the same result on the page, showing how XSS can be used in several different ways to achieve the same result. After the hacker retrieves the user’s log-in credentials, he can easily cause the browser to display the search page as it was originally and the user would not even realize that he has just been fooled. This example may also be seen in use in all those spam emails we all receive. It is very common to find an email in your inbox saying how a certain auctioning site suspects that another individual is using your account maliciously, and it then asks you to click a link to validate your identity. This is a similar method which directs the unsuspecting user to a FAKE version of the auctioning site, and captures the user’s log-in credentials to then send them to the hacker.

 

xss_3

 

 

 

 

 

 

 

 

 

Clear your Browser Cookies?
Clearing  your Internet browser’s cookies help by deleting the information that all websites have gathered about you and stored on your computer as small text files. Most of these files are completly harmless…but others stores where you went, what you did and any peronal information you gave. Websites may also allow other websites (their adveritsers for example) to put cookies, known as third-party cookies on your computer. This is a simple guide to clear your own browser’s..cookies to make sure that companies are not keeping tabs on what you do online.

Eg: Each browser is set up differently, we will look at the process for each of the major browsers.

Internet Explorer 7 :

1. Once your browser is open, select the tools menu and click internet options and select the general tab.

2. to delete all the cookies in the browsing history section, click delete.

3. If you wish to delete only specific cookies and keep others,

4. Click on the settings button and then click view files.

5. Scroll through the list and select the cookies you want to delete.

6. Multiple cookies can be selected by holding down the ctrl key.

7. Press the delete key, press OK on any dialog boxes that appear.


Firefox 1.5:

1. Once your browser is open, select the tools menu and click options (may also be under Edit – Preferences depending on your version) and select the privacy button.

2. Select the cookies tab.

3. To delete all cookies click the delete all cookies button.

4. To delete specific cookies, click view cookies and look through the list of the sites you wish to delete the cookies for, and press remove cookies, you can even expand each site to delete specific cookies from each site..

hey guys hope this post is very useful, so tc and keep reading.

Cheers Ella! 🙂

EllaHax

Advertisements
Posted in: Hacking, Web Hacing